Importing a CA Certificate for SSL Connections to Active Directory
When Creating an Active Directory Server Connection, you can use a certification authority (CA) certificate for SSL authentication. To authenticate SSL connections using a CA certificate, import the certificate and instruct FME Server to add it to the list of trusted certificates.
- Make a backup of the current list of trusted Certificate Authorities:
- Obtain your RootCA certificate as a .cer file:
- Add the certificate to the list of trusted ones:
- Linux:
- Windows:
<rootca-alias>
is the custom alias for the certificate.- <cer-file> is the path to the .cer file downloaded in step 2.
- Restart FME Server.
<FMEServerDir>/Utilities/jre/lib/security/cacerts
http://<domain-controller>/certsrv/certcarc.asp > 'install this CA certificate'
Or, contact your domain administrator
Open the command terminal and issue the following commands:
cd <FMEServerDir>/Utilities/jre
./bin/keytool -import -trustcacerts -alias <rootca-alias> -file <cer-file> -keystore ./lib/security/cacerts
Launch cmd.exe and issue the following commands:
cd <FMEServerDir>\Utilities\jre
bin\keytool -import -trustcacerts -alias <rootca-alias> -file <cer-file> -keystore
lib\security\cacerts
When prompted for keystore password, default is changeit.
When prompted to trust certificate, answer yes.
Where: